Securing Your Network with AAA
Terms you'll need to understand:
CiscoSecure Access Control Server (ACS)
Authentication, authorization, and accounting (AAA)
Terminal Access Controller Access Control System (TACACS)
Remote Authentication Dial-In User Service (RADIUS)
Techniques you'll need to master:
Starting the AAA process on a router
Configuring AAA addresses and passwords
Understanding the AAA commands
The Cisco Security Options
Cisco provides IOS options and hardware products that help you secure your network. The router IOS now has a number of security options, such as virtual private network (VPN) capabilities, integration with intrusion detection system (IDS) sensors, and the firewall feature set.
Each of these security options is also available as a separate security appliance; typically, an appliance is another piece of hardware designed for a specific task. Some of the appliances follow:
VPN concentrators and hardware clients: Appliances designed specifically for encryption and decryption, to offload that work from routers, servers, workstations, and other infrastructure devices.
IDSs: Available to examine traffic passing along the wire, looking for known signatures of attacks as well as other anomalies. IDS options include an add-on card for the Catalyst 6500 switch and a separate appliance for critical servers, known as a host-based IDS.
PIX Firewall: The PIX Firewall uses its own proprietary operating system, featuring a stateful packet-inspecting system based on the Adaptive Security Algorithm (ASA), cut-through proxy, hot standby, and failover capabilities.